CVE-2013-2147
Last modified
CVE-2013-2147 is a vulnerability of currently unknown severity. The HP Smart Array controller disk-array driver and Compaq SMART2 controller disk-array driver in the Linux kernel through 3.9.4 do not initialize certain data structures, which allows local users to obtain sensitive information from kernel memory via (1) a crafted IDAGETPCIINFO command for a /dev/ida device, related to the ida_locked_ioctl function in drivers/block/cpqarray.c or (2) a crafted CCISS_PASSTHRU32 command for a /dev/cciss device, related to the cciss_ioctl32_passthru function in drivers/block/cciss.c.. EPSS estimates a 0.42% chance of exploitation in the next 30 days.
Description
The HP Smart Array controller disk-array driver and Compaq SMART2 controller disk-array driver in the Linux kernel through 3.9.4 do not initialize certain data structures, which allows local users to obtain sensitive information from kernel memory via (1) a crafted IDAGETPCIINFO command for a /dev/ida device, related to the ida_locked_ioctl function in drivers/block/cpqarray.c or (2) a crafted CCISS_PASSTHRU32 command for a /dev/cciss device, related to the cciss_ioctl32_passthru function in drivers/block/cciss.c.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions | Update |
|---|---|---|---|
| Linux | Linux Kernel | <= 3.9.4 | — |
| Linux | Linux Kernel | 3.9 | Rc1 |
| Linux | Linux Kernel | 3.9.0 | — |
| Linux | Linux Kernel | 3.9.1 | — |
| Linux | Linux Kernel | 3.9.2 | — |
| Linux | Linux Kernel | 3.9.3 | — |
| Suse | Linux Enterprise Server | 10 | Sp4 |
References
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2013-2147?
How severe is CVE-2013-2147?
How do I fix CVE-2013-2147?
Are you affected by CVE-2013-2147?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST